In the first instalment of our 2025 Cyber Security Series (read it here), we explored the most pressing cyber threats facing businesses throughout 2025 and looked at why staying vigilant is more crucial than ever.
In this second part, we outline the essential steps you can take to protect your business. Research from Microsoft reveals that effective cyber hygiene can prevent up to 98% of cyber attacks. By implementing these important measures and ensuring your entire team understands their importance, you’ll significantly strengthen your cyber defences.
Don’t forget to join our free membership for additional resources, advice, and guidance.
Educate and train employees
Human error remains one of the leading causes of successful cyber attacks. Many phishing attacks succeed because one person clicks on a malicious link without realising it, which can then lead to larger breaches or attacks.
It’s really important to make sure that all of your employees have regular training on cyber security, such as Security Awareness Training and Simulated Phishing Exercises. This will give employees the knowledge and confidence to identify phishing emails and keep up good cyber hygiene practice.
Strong passwords
The National Cyber Security Centre’s (NCSC) advice for passwords is to use three random words to create unique and secure passwords that are difficult to hack. You can also add numbers and characters to make it more unique.
The latest advice around passwords is to ensure they are ‘long and strong’ but not to force employees to change them on a regular basis. Forced regular changes make passwords more difficult to remember, which in turn increases the chances of someone writing them down or storing them somewhere.
It’s also recommended to use a different password for every account. If you use the same password for multiple accounts and it is then compromised, you risk putting many different accounts at risk.
Ensure that all your employees understand how to create a secure unique password for each account.
Enable multi-factor authentication (MFA)
Enabling MFA on your work accounts is highly recommended to help prevent cyber attacks. This means that a code will be sent by email, text or to an authenticator app to help prove ownership of the account before you log in.
MFA creates an extra layer of protection, whereby if your account password has been compromised, there is a second layer of security. It’s not 100% foolproof but on the whole, this extra layer of security is highly recommended for every business account.
You can read our full blog post on MFA and why it should be used.
Keep all software and devices updated
This is a very basic measure, but it is often overlooked, especially across work devices. It’s really important to remind all employees to keep software updates and patches up to date, as these fix bugs and maintain security, performance and compatibility.
If a device is not updated with the latest security updates, there is a risk that cyber criminals can exploit this.
Make sure that all business mobile phones, laptops and other devices have automatic updates set up, rather than relying on manual updates, to ensure they are kept up to date.
Control access to accounts
In order to limit access points for cyber fraudsters, ensure you have full control over which employees have access to certain accounts, and that they have only the level of access they require to do their jobs.
Also have a protocol set up so that all access to accounts is removed immediately after an employee leaves the business.
Keeping on top of this helps to keep your business accounts as secure as they can be.
Have an up-to-date Incident Response Plan
It is equally important to have an Incident Response Plan in place, ready in case your business does encounter a cyber attack. This should cover immediate actions for employees, emergency contacts and a process for contacting customers, supply chain and wider stakeholders.
You can download our Incident Response Guide.
Cyber Essentials
We always recommend that a business achieves the Cyber Essentials and then the Cyber Essentials Plus certification. These give you a good understanding of good cyber security and give your supply chain the reassurance that your business meets recognised security standards.
Look at our list of recommended Cyber Partners.
Cybersecurity is a continuous process, not a one-time fix. By staying informed, investing in the right tools, and fostering a culture of vigilance, UK businesses can remain resilient in the face of growing cyber threats in 2025.
Don’t wait for an attack to act – start securing your business today.